Date of Award

Fall 2023

Access Type

Thesis - Open Access

Degree Name

Master of Science in Electrical & Computer Engineering

Department

Electrical, Computer, Software, and Systems Engineering

Committee Chair

Massood Towhidnejad

Committee Advisor

Omar Ochoa

First Committee Member

Massood Towhidnejad

Second Committee Member

Laxima Niure Kandel

College Dean

Jim Gregory

Abstract

Adversarial attacks, in which an adversary crafts inputs to hijack a system, are prevalent in the deep learning tasks of computer vision and are one of the greatest threats to the safe and accurate use of these models. These attacks force a trained model to misclassify an image using pixel-level changes that are undetectable to the human eye. Various defenses against these attacks exist and are detailed in this work. Previous researchers have established that when adversarial attacks occur, different node activation patterns appear within a Deep Neural Network (DNN). Additionally, it is known that CPU and GPU metrics look different when different computations are occurring. This work builds on that knowledge to hypothesize that system performance metrics, in the form of CPU and GPU measurements and throughput, will reflect the presence of adversarial input to a DNN. The experiment found that external measurements of system performance metrics did not reflect the presence of adversarial input. This work establishes the beginning stages of using system performance metrics to detect and defend against adversarial attacks. Using performance metrics to defend against adversarial attacks can increase a model's safety, improving the robustness and trustworthiness of DNNs.